Freedesktop Poppler vulnerabilities

CVE-2019-9878 [HIGH] CVE-2019-9878: There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVE-2019-9903 [MEDIUM] CWE-787 CVE-2019-9903: PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumpt PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.

CVE-2019-9631 [CRITICAL] CWE-125 CVE-2019-9631: Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

CVE-2019-9589 [HIGH] CVE-2019-9589: There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVE-2019-9543 [HIGH] CWE-674 CVE-2019-9543: An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBit An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JA

CVE-2019-9545 [HIGH] CWE-674 CVE-2019-9545: An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bi

CVE-2019-9200 [HIGH] CWE-787 CVE-2019-9200: A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVE-2019-7310 [HIGH] CWE-125 CVE-2019-7310: In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::ge In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.

CVE-2018-20662 [MEDIUM] CWE-20 CVE-2018-20662: In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (applica In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.

CVE-2018-20650 [MEDIUM] CWE-20 CVE-2018-20650: A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of ser A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.

CVE-2018-20551 [MEDIUM] CWE-20 CVE-2018-20551: A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of serv A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

CVE-2018-20481 [MEDIUM] CWE-476 CVE-2018-20481: XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

CVE-2018-19149 [MEDIUM] CWE-476 CVE-2018-19149: Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from pop Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

CVE-2018-19059 [MEDIUM] CWE-125 CVE-2018-19059: An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSp An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

CVE-2018-19060 [MEDIUM] CWE-476 CVE-2018-19060: An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, w An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

CVE-2018-19058 [MEDIUM] CWE-670 CVE-2018-19058: An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to deni An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

CVE-2018-18897 [MEDIUM] CWE-772 CVE-2018-18897: An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfil An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.

CVE-2018-16646 [MEDIUM] CWE-835 CVE-2018-16646: In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a cra In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

CVE-2018-13988 [MEDIUM] CWE-125 CVE-2018-13988: Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

CVE-2017-18267 [MEDIUM] CWE-835 CVE-2017-18267: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote atta The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.